January 15, 2025
Cloudera Operational Database version 1.48 supports SELinux enforcement and adds an enhancement to database user management.
Cloudera Operational Database supports Security-Enhanced Linux (SELinux) enforcement
SELinux lets you set access control through policies. You can set the SELinux mode when you create a new operational database by using the seLinux parameter in the create-database command. The supported SELinux modes are:
ENFORCING: Enables SELinux in enforced mode, actively applying security policies.
PERMISSIVE (default): Sets SELinux to permissive mode, logging any security violations without enforcing policies.
If you do not define the seLinux parameter, the PERMISSIVE mode is applied by default.
The following example shows usage of the seLinux parameter.
opdb create-database --environment-name [***ENVIRONMENT_NAME***] --database-name [***DATABASE_NAME***] --security-request '{"seLinux": string}'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "ENFORCING"}'
opdb create-database --environment-name cod-7218-micro1 --database-name testDB --security-request '{"seLinux": "PERMISSIVE"}'
For more information, see CDP CLI documentation and Setting SELinux Mode.
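One way to review what PERMISSIVE mode logged before creating a database with ENFORCING, as an added example that is not from the Cloudera documentation. It parses standard Linux audit AVC records; the sample records, the example_db_t type and the assumption that you can read a node's audit log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit records (not taken from a real Cloudera node).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1736935200.101:410): avc:  denied  { read } for  pid=2211 comm="java" name="example.conf" dev="dm-0" ino=1001 scontext=system_u:system_r:example_db_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1736935201.202:411): avc:  denied  { read } for  pid=2211 comm="java" name="example.conf" dev="dm-0" ino=1001 scontext=system_u:system_r:example_db_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1736935202.303:412): avc:  denied  { name_connect } for  pid=2290 comm="java" dest=16020 scontext=system_u:system_r:example_db_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1736935202.303:412): arch=c000003e syscall=42 success=no exit=-13 comm="java"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)

def _type(context):
    # An SELinux context is user:role:type[:level]; policy rules key on the type.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text):
    """Count AVC denials per (source type, target type, class, perms, status)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if m is None:
            continue
        # permissive=1: logged only; permissive=0: access was actually blocked.
        status = {"1": "logged-only", "0": "blocked"}.get(m["permissive"], "unknown")
        perms = " ".join(sorted(m["perms"].split()))
        counts[(_type(m["scontext"]), _type(m["tcontext"]),
                m["tclass"], perms, status)] += 1
    return counts

def logged_only_rules(log_text):
    """Accesses PERMISSIVE only logged; ENFORCING would deny them under the same policy."""
    return sorted(k[:4] for k in summarize_denials(log_text) if k[4] == "logged-only")

if __name__ == "__main__":
    for key, n in sorted(summarize_denials(SAMPLE_AUDIT_LOG).items()):
        print(n, *key)
```

An empty result from logged_only_rules over a representative workload period indicates that the same policy in ENFORCING mode would not have blocked anything the workload did during that period.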
Assign ODAdmin role at the database level
Cloudera Operational Database supports setting a user as an ODAdmin at the database level. In earlier versions of Cloudera Operational Database, you could set the ODAdmin at the environment level only; for better usability and enhanced security, you can now set it at the database level too.